diff --git a/stash/.env b/stash/.env
new file mode 100644
index 0000000..545d666
--- /dev/null
+++ b/stash/.env
@@ -0,0 +1,58 @@
+# ===================================================================
+# REQUIRED SETTINGS
+# ===================================================================
+
+# Authentication secret key (REQUIRED)
+# Generate with: openssl rand -hex 32
+AUTH_SECRET=3da6bb307c595fe26273a3796e9da758ac9b388b9fd39e124013f1e59de5c30d
+
+# ===================================================================
+# DEPLOYMENT SCENARIOS
+# Choose the scenario that matches your setup
+# ===================================================================
+
+# ===================================================================
+# IMPORTANT: CSRF PROTECTION CONFIGURATION
+# ===================================================================
+
+# ORIGIN tells SvelteKit which external URL to expect requests from
+# This MUST match how you access your application in their browser
+# Examples:
+#   Direct Docker access: ORIGIN=http://192.168.0.10:7755
+#   Reverse proxy HTTPS: ORIGIN=https://gdluxx.my-cool-domain.com
+#   Local development: ORIGIN=http://localhost:7755
+# 
+# If you have issues with CSRF errors, temporarily disable with:
+# DISABLE_CSRF_CHECK=true
+
+# SCENARIO 1: Basic Docker Setup (Most Common)
+# For simple Docker deployments accessed via http://localhost:7755
+# Just set AUTH_SECRET above and you're done
+
+# SCENARIO 2: HTTP-Only Access (Development/Internal Networks)
+# For development or when running over plain HTTP
+USE_SECURE_COOKIES=false
+AUTH_TRUST_HOST=true
+ORIGIN=http://192.168.1.201:7755
+
+# SCENARIO 3: HTTPS with Reverse Proxy (Production)
+# For production with Caddy, Nginx, Traefik, etc.
+# USE_SECURE_COOKIES=true
+# AUTH_TRUST_HOST=true
+# ORIGIN=https://gdluxx.my-cool-domain.com
+
+# ===================================================================
+# ADVANCED SETTINGS (Optional)
+# You probably don't need to change these!
+# Only change these if you need custom configuration
+# ===================================================================
+
+# Custom port (default: 7755)
+# PORT=7755
+
+# Custom host binding (default: 0.0.0.0 for Docker)
+# Use 127.0.0.1 for localhost-only access
+# HOST=0.0.0.0
+
+# Custom data directory (default: ./data)
+# FILE_STORAGE_PATH=/custom/path/to/data
diff --git a/stash/docker-compose.yml b/stash/docker-compose.yml
index 54202b5..842da7e 100644
--- a/stash/docker-compose.yml
+++ b/stash/docker-compose.yml
@@ -51,6 +51,24 @@ services:
       - "/mnt/system/gallery-dl:/gallery-dl"
     restart: on-failure
 
+  gdluxx:
+    image: ghcr.io/gdluxx/gdluxx:latest
+    container_name: gdluxx
+    ports:
+      - '7755:7755'
+    volumes:
+      #- /home/ccalifice/docker-data/stash/gdluxx/data:/app/data
+      - /mnt/system/gdluxx/data:/app/data
+    environment:
+      - AUTH_SECRET=${AUTH_SECRET}
+      - ORIGIN=${ORIGIN:-http://localhost:7755}
+    restart: unless-stopped
+    deploy:
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+        delay: 3s
+
   whisparr:
     container_name: whisparr
     image: ghcr.io/hotio/whisparr
@@ -61,7 +79,7 @@ services:
       - PGID=1002
       - UMASK=002
       - TZ=America/Sao_Paulo
-      - WEBUI_PORTS=6969/tcp 
+      - WEBUI_PORTS=6969/tcp
     volumes:
       - /home/ccalifice/docker-data/stash/whisparr:/config
       - /mnt/system/data:/data